Security/Forget Button: Next

Warning: This is just a draft proposal for a new Firefox feature

Description

Flow

The goal of this feature is to provide a way for website authors to tell Firefox to show its Clear History interface.

It’s a lot like a Forget Button that is triggered automatically by the website, instead of manually by the user.

Delivery Mechanism

We define a new method on the JavaScript navigator object that any site can use, like so:

<a href="javascript:navigator.forget()">Hide my visit</a>

When clicked, Firefox’s Clear History interface is shown, awaiting the user’s confirmation.

Properties

There could be further ways to customise the scope of the information to be cleared. Then again, we may not need any properties, as the user can already customise the length of history erasure.

Potentially useful:

  • Time-based: forget('seconds',300), forget('minutes',60)
  • Window/tab-based, meaning, everything browsed in the current window and all its child tabs: forget('window')

Maybe not so useful:

  • Steps-based, meaning, last number of steps including current step: forget('steps',5)
  • Domain-based: forget('domain','self'), forget('domain','example.com,abc.com,xyz.com')
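The call forms listed above, modelled as an added example that is not part of the proposal or of any Firefox code: it normalises the arguments into a request a confirmation dialog could describe and calls navigator.forget() only where it exists. The names parseForgetRequest, requestForget and callerHost are hypothetical, as is the rule that 'self' resolves to the calling page's host.

```javascript
// Added example. navigator.forget() exists only in this draft; no browser ships it.
const UNIT_SECONDS = { seconds: 1, minutes: 60 };

function positiveInt(value, what) {
  if (!Number.isInteger(value) || value <= 0) {
    throw new TypeError(what + ' must be a positive integer');
  }
  return value;
}

// Normalise forget(...) arguments into a description a confirmation dialog
// could show. callerHost (assumption) is the host of the calling page.
function parseForgetRequest(args, callerHost) {
  const [kind, value] = args;
  if (kind === undefined) return { scope: 'default' }; // forget(): user picks the range
  if (kind === 'window') return { scope: 'window' };
  if (Object.prototype.hasOwnProperty.call(UNIT_SECONDS, kind)) {
    return { scope: 'time', seconds: positiveInt(value, kind) * UNIT_SECONDS[kind] };
  }
  if (kind === 'steps') return { scope: 'steps', count: positiveInt(value, 'steps') };
  if (kind === 'domain') {
    if (typeof value !== 'string') throw new TypeError('domain list must be a string');
    const hosts = value.split(',')
      .map((h) => h.trim().toLowerCase())
      .filter(Boolean)
      .map((h) => (h === 'self' ? callerHost : h));
    if (hosts.length === 0) throw new TypeError('domain list is empty');
    return { scope: 'domain', hosts: [...new Set(hosts)] };
  }
  throw new TypeError('unknown forget() scope: ' + String(kind));
}

// Page-side helper: validate, then call the proposed API only where it exists.
function requestForget(args, callerHost) {
  const request = parseForgetRequest(args, callerHost);
  const supported = typeof navigator !== 'undefined' &&
    typeof navigator.forget === 'function';
  if (supported) navigator.forget(...args);
  return { supported, request };
}
```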

Reasoning

Following our discussion with a representative from New Zealand’s National Collective of Independent Women’s Refuges, our previous Automatic Private Browsing Upgrades (Auto PBM) proposal seemed inadequate to cover their needs.

Refuge websites are not just visited by people seeking help

  1. People seeking help
  2. Patrons and potential donors
  3. People doing research

Refuge websites do need tracking

  1. Many orgs receive Google Ad Grants in the form of AdWords. They want to know which keywords are effective.
  2. Almost every org receives marketing and advertising help. They want to know which techniques are effective.
  3. Practically every org relies on donations. Tracking helps them optimise for donors.

Auto PBM is too catch-all and cannot distinguish intent

  • Considered splitting website into “private” and “non-private” pages
    • Private pages can be opened in PBM
    • Non-private pages shouldn’t open in PBM
  • Most visitors who need help don’t type the URL into the address bar
    • Instead, they Google for something like “what to do when my partner abuses me”
    • Search result goes to specific page on the website, rather than the top page
  • Suggestion: can the browser make it so that auto PBM targets specific pages within the domain, rather than the domain itself?

Auto PBM doesn’t erase search data

  • Forget button is a good solution
    • Unfortunately, activating the Forget button is hard (user must first add the button to the toolbar)
    • An important fact: if the user forgets to hide the Forget button after use, it may arouse suspicion
  • Suggestion: would love the ability for sites to **pro-actively ask** the browser to erase history in a fine-tuned way
    • By domain: data from this site
    • By session: data opened from this window or tab

Current and ideal solutions

  • Current: route visits through third party websites, so it’s less suspicious
  • Suggestion: would love the ability to actively trigger PBM and data erasure
    • “Click here to open our website in PBM”
    • “Click here to erase our site data”
    • “Click here to erase your tracks over the last 5 minutes”

More concerns

  • If the browser history keeps getting wiped clean, it might become a pattern that arouses suspicion
  • Some browser windows or tabs are kept open at all times and never closed, so one can’t simply “erase a session”
  • Snooping software. This happened to a client whose partner installed spying software while she was away. However, it’s out of the browser’s reach and therefore out of this project’s scope.